Windows Update KB4078130 disables Spectre Variant 2 patch

The story of the Spectre and Meltdown CPU flaws hasn’t yet ended. As a quick reminder, in the beginning of the January, cyber security experts revealed a severe CPU design flaw in modern processors due to which most of the PCs and other devices running Windows OS were left vulnerable to cyber attacks.[1]

Since this vulnerability in modern chips could allow cyber criminals to bypass system protection and, furthermore, read people’s sensitive information, Microsoft and Intel reacted immediately and released a Specter patch,[2] which consists of two variants – the Spectre 1 patch released by virtual machine vendors and the Spectre 2 (aka. Spectre Variant 2, Google Project Zero Variant 2 (GPZ Variant 2), or CVE-2017-5715), which are being issued by chip manufacturers and designers such as Intel and Arm, and sometimes also an operating system kernel update.

Unfortunately, the Spectre 2 patch was causing more harm than good.[3] Based on people’s reports, the patch triggers random system’s restarts in over 800 CPU models, which may lead to data corruption and loss. On January 22, Intel released a recommendation for the customers to stop deploying the current microcode version on the affected processors since the company is currently testing the effect that the microcode may have on the patched system.

Intel says that almost all older PCs with high-demand task will experience a noticeable slowdown by installing the Spectre 2 patch. Additionally, the hardware with the latest Intel chips may also be negatively affected, but the effect should not be great.

While Intel is testing, updating and deploying the microcode, Microsoft developed and released an update KB4078130[4] to disable the previously released patches for Windows 7, 8.1, 10. The update is supposed to disable the mitigation against CVE-2017-5715 – “Branch target injection vulnerability.” In other words, it’s should prevent unexpected system reboots and other unwanted behavior caused by Intel’s microcode.

The update KB4078130 patches both client and server on Windows 7 (SP1), Windows 8.1, and all versions of Windows 10. However, it’s not pushed as an automatic update, so the only way to apply it is to navigate to the official Microsoft Update Catalog and download it manually.

Since Spectre is not a minor flaw, cyber security experts recommend following all news about its patch and install all updates unless recommended not to do so.[5] As for now, the update KB4078130 to disable the mitigation against the Spectre Version 2 is safe to install. People did not report any negative effects caused by this patch, so it’s advisable to install it without a delay.

About the author

Lucia Danes
- Security researcher

Lucia Danes is the news editor at UGetFix. She is always on the move because the eager for knowledge makes her travel around the globe and attend InfoSec events and conferences.